Key Ways To Prevent Data Loss

Data loss is crippling for any business, especially in the era of Big Data, where companies rely on digital information to refine their marketing, prospects and transactions. Reducing the risk of data loss is an essential part of a data management strategy.

The first goal should be to prevent data loss from occurring. Data loss has several common causes, some of which are listed below:

1) Hard drive failures

2) Accidental deletions (user error)

3) Computer viruses and malware

4) Laptop theft

5) Power outages

6) Damage from spilled coffee or water, etc.

However, in case of loss, you can implement several good practices to increase your chances of recovery.

Second, do not put all your eggs in the cloud basket. The cloud is essential for cost-effective storage, but there are pitfalls to consider. Many examples of data loss occurred when an employee simply dropped his computer or hard drive. Discuss best practices with staff members. SD cards are much more fragile and should never be used as long-term storage.

Here is an overview of the best ways to protect your data from loss and unauthorized access.

Back up early and often


The most important step in protecting your data from loss is to back it up regularly. How often should you back up? It depends on how much data you can afford to lose if your system crashes completely. A week of work? A day of work? An hour of work?

You can use the Windows built-in backup utility (ntbackup.exe) to perform basic backups. You can use the wizard mode to simplify the process of creating and restoring backups, or you can configure the backup settings manually, and you can schedule backup jobs to run automatically.

There are also many third-party backup programs that can offer more sophisticated options. Whichever program you use, it's important to store a copy of your backup off-site in case of a fire, tornado, or other natural disaster that can destroy your backup tapes or discs along with the original data on your computer.

Diversify your backups

You always want more than one backup system. The general rule is 3-2-1. You should have 3 backups of everything that is very important. They must be saved in at least two different formats, for example in the cloud and on a hard disk. There should always be an off-site backup in case your physical office is damaged.
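The two checks described above, how much work you can afford to lose and the 3-2-1 rule, can be audited together. The following is an added example, not part of the original article; the `BackupCopy` fields, the sample inventory and the one-day loss window are assumptions made for illustration. A copy counts toward 3-2-1 only if it is recent enough and still reads back intact.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BackupCopy:                 # hypothetical inventory record
    name: str
    medium: str                   # the article's "format": cloud, hard disk, tape...
    offsite: bool
    finished: datetime            # when the last backup job completed
    recorded_sha256: str          # digest written to the manifest at backup time
    readback: bytes               # stand-in for bytes read back from the medium today

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit(copies, now, max_loss):
    """Return a list of problems; an empty list means the backup set passes."""
    problems, usable = [], []
    for c in copies:
        if now - c.finished > max_loss:
            problems.append(f"{c.name}: older than the acceptable loss window")
        elif digest(c.readback) != c.recorded_sha256:
            problems.append(f"{c.name}: read-back digest does not match manifest")
        else:
            usable.append(c)
    # Only fresh, intact copies count toward the 3-2-1 rule.
    if len(usable) < 3:
        problems.append(f"only {len(usable)} usable copies, need 3")
    if len({c.medium for c in usable}) < 2:
        problems.append("usable copies are all on one medium, need 2")
    if not any(c.offsite for c in usable):
        problems.append("no usable off-site copy")
    return problems

# Constructed sample inventory (not real data).
NOW = datetime(2024, 1, 10, 9, 0)
PAYLOAD = b"quarterly-ledger-v7"
GOOD = digest(PAYLOAD)
SAMPLE = [
    BackupCopy("nas", "hard disk", False, NOW - timedelta(hours=3), GOOD, PAYLOAD),
    BackupCopy("usb", "hard disk", False, NOW - timedelta(hours=20), GOOD, PAYLOAD),
    BackupCopy("cloud", "cloud", True, NOW - timedelta(hours=5), GOOD, PAYLOAD[:-1]),
    BackupCopy("tape", "tape", True, NOW - timedelta(days=9), GOOD, PAYLOAD),
]

if __name__ == "__main__":
    for line in audit(SAMPLE, NOW, timedelta(days=1)):
        print(line)
```

On paper the sample has four copies on three media with two off-site, yet it fails all three parts of the rule once the truncated cloud copy and the nine-day-old tape are excluded.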

Use file-level and share-level security


To keep others out of your data, the first step is to set permissions on the data files and folders. If you have data in network shares, you can set share permissions to control which user accounts can access the files across the network. In Windows 2000 / XP, you do this by clicking the Permissions button on the Sharing tab of the file or folder property sheet.
However, these share-level permissions will not apply to someone who uses the local computer where the data is stored. If you share the computer with someone else, you will need to use file-level permissions (also known as NTFS permissions because they are only available for files / folders stored on NTFS-formatted partitions). File-level permissions are set using the Security tab of the property sheet and are much more detailed than share-level permissions.

In either case, you can set permissions for user accounts or groups, and allow or deny different levels of access, from read-only to full control.

Password-protect documents


Many productivity applications, such as Microsoft Office applications and Adobe Acrobat, allow you to set passwords for individual documents. To open the document, you must enter the password. To protect a document with a password in Microsoft Word 2003, go to Tools | Options and click the Security tab. You can require a password to open the file and / or to make changes to it. You can also set the type of encryption to use.

Unfortunately, Microsoft password protection is relatively easy to crack. There are programs on the market designed to recover Office passwords, such as Elcomsoft's Advanced Office Password Recovery (AOPR) software. This type of password protection, like a standard lock (without deadbolt) on a door, will deter casual would-be intruders, but can be easily circumvented by a determined intruder with the right tools.

You can also use compression software such as WinZip or PKZip to compress and encrypt documents.

Use EFS encryption


Windows 2000, XP Pro, and Server 2003 support the Encrypting File System (EFS). You can use this built-in certificate-based encryption method to protect individual files and folders stored on NTFS-formatted partitions. Encrypting a file or folder is as easy as checking a box; just click the Advanced button on the General tab of its property sheet. Note that you cannot use EFS encryption and NTFS compression at the same time.

EFS uses a combination of asymmetric and symmetric encryption, for both security and performance. To encrypt files with EFS, a user must have an EFS certificate, which can be issued by a Windows CA or self-signed if there is no CA on the network. EFS files can be opened by the user whose account encrypted them or by a designated recovery agent. With Windows XP / 2003, but not Windows 2000, you can also designate other user accounts that have access to your EFS encrypted files.

Note that EFS is intended for protecting data on the disk. If you send an EFS file over the network and someone uses a sniffer to capture the data packets, they will be able to read the data in the files.

Use disk encryption


There are many third-party products available that will allow you to encrypt an entire disk. Full disk encryption locks all the contents of a drive / disk partition and is transparent to the user. Data is automatically encrypted when written to the hard disk and automatically decrypted before being loaded into memory. Some of these programs can create invisible containers in a partition that act as a hidden disk within a disk. Other users only see the data on the "outer" disk.

Disk encryption products can be used to encrypt removable USB drives, thumb drives, etc. Some allow you to create a master password as well as secondary passwords with lower rights that you can give to other users. Examples include PGP Whole Disk Encryption and DriveCrypt, among many others.

Use a public key infrastructure


A Public Key Infrastructure (PKI) is a system for managing public / private key pairs and digital certificates. Because keys and certificates are issued by a trusted third party (a certificate authority, either an internal one installed on a certificate server on your network or a public one, such as Verisign), certificate-based security is stronger.

You can protect the data you want to share with someone else by encrypting it with the recipient's public key, which is available to everyone. The only person who can decipher it is the holder of the private key that corresponds to this public key.

Hide data with steganography

You can use a steganography program to hide data in other data. For example, you can hide a text message in a .JPG graphic file or in an MP3 audio file, or even in another text file (although this is difficult because text files do not contain a lot of redundant data that can be replaced by the hidden message). Steganography does not encrypt the message, so it is often used with encryption software. The data is first encrypted and then hidden in another file with the steganography software.

Some steganographic techniques require the exchange of a secret key and others use public / private key cryptography. StegoMagic is a popular example of steganography software, a free download that encrypts messages and masks them in .TXT, .WAV or .BMP files.

Protect data in transit with IP security


Your data can be captured while traveling over the network by a hacker with sniffer software (also known as network monitoring or protocol analysis software).

To protect your data in transit, you can use IPsec (Internet Protocol Security) - but both the sending and receiving systems must support it. Microsoft Windows 2000 and later operating systems support IPsec. Applications do not need to be aware of IPsec because it works at a lower level of the network model. Encapsulating Security Payload (ESP) is the protocol used by IPsec to encrypt data for confidentiality purposes. It can operate in tunnel mode, for gateway-to-gateway protection, or in transport mode, for end-to-end protection. To use IPsec in Windows, you must create an IPsec policy and choose the authentication method and IP filters to use. The IPsec settings are configured through the TCP/IP protocol property sheet, on the Options tab of Advanced TCP/IP Settings.

Secure wireless transmissions


Data that you send over a wireless network is even more prone to interception than data sent over an Ethernet network. Hackers do not need physical access to the network or its devices. Anyone with a wireless laptop and a high gain antenna can capture data and / or get into the network and access the data stored there if the wireless access point is not configured securely.

You should only send or store data over wireless networks that use encryption, preferably Wi-Fi Protected Access (WPA), which is stronger than Wired Equivalent Privacy (WEP).

Use rights management to stay in control


If you need to send data to others but want to protect it after it leaves your own system, you can use Windows Rights Management Services (RMS) to control what recipients can do with it. For example, you can set rights so that the recipient can read the Word document you sent but cannot edit, copy, or save it. You can prevent recipients from forwarding email messages that you send to them, and you can even set documents or messages to expire at a specified date / time, so that the recipient cannot access them after that time.

To use RMS, you need a Windows Server 2003 server configured as an RMS server. Users need client software or an Internet Explorer add-in to access RMS-protected documents. Users to whom rights are assigned must also download a certificate from the RMS server.
